1. Field of the Invention
Apparatuses and methods consistent with the present invention relate to secure booting, and more particularly, to secure booting in which the integrity of an operating system (OS) can be guaranteed when booting with the OS.
2. Description of the Related Art
Embedded systems such as electronic appliances, communication devices, and set-top boxes generally use non-volatile storage devices as storage media for storing and processing data.
An embedded system stores an OS in a non-volatile storage device and is booted by the stored OS. The OS is generally stored in a non-volatile storage device in the form of an image.
When the embedded system is booted from the OS stored in the non-volatile storage device, there should be a way of guaranteeing that the OS has not been changed. For example, when power is applied to a cellular phone and the cellular phone is then booted by an OS stored in an embedded non-volatile storage device, there should be a way of guaranteeing the integrity of the stored OS. If the integrity of the OS is not guaranteed and the OS has been modified by an external attacker before or during the booting of the embedded system, the embedded system will execute the modified OS and will not operate normally.
Thus, various approaches for secure booting by guaranteeing the integrity of an OS of an embedded system have been suggested.
FIG. 1 is a block diagram of a secure booting apparatus allowing the secure booting of an embedded system according to the prior art.
The secure booting apparatus includes an OS storing unit 10, a memory unit 20, and a control unit 30. The OS storing unit 10 stores an OS and a check value computed over that OS with a predetermined algorithm. The OS stored in the OS storing unit 10 is loaded into the memory unit 20 when the embedded system is booted. The control unit 30 calculates a check value over the loaded OS using the same algorithm that produced the stored check value, and determines the integrity of the loaded OS by comparing the stored check value with the calculated check value.
The OS storing unit 10 includes a non-volatile storage region to store the OS and check value even when the applied power is removed.
When booting is performed by the OS, the secure booting apparatus may further include a booting code storing unit 40 and a key storing unit 50. The booting code storing unit 40 stores a booting code including information about the booting process. The key storing unit 50 stores the key under which the OS and check value held in the OS storing unit 10 are encrypted. Since the booting code storing unit 40 is set as read only, the stored booting code cannot be changed from the outside. The check value calculation may use any algorithm that yields a different check value if even a single bit of the OS is changed and for which no two different OS images produce the same check value, that is, a collision-resistant hash function.
The key storing unit 50 generally includes a tamper resistance module (TRM) to protect it against tampering and to prevent the key stored therein from being accessed externally. This protection is needed because, if the key stored in the key storing unit 50 is exposed to the outside, an attacker can decrypt, modify and re-encrypt the OS and check value that are stored in encrypted form in the OS storing unit 10, so both become vulnerable to tampering. The key storing unit 50 may be embedded into, or implemented separately from, the control unit 30 that controls the overall booting process.
FIG. 2 is a flowchart illustrating a secure booting method according to the prior art.
Referring to FIG. 2, once the power is applied to the embedded system, the control unit 30 reads the booting code stored in the booting code storing unit 40 to initiate the booting process in operation S10.
The control unit 30 then loads the OS stored in the OS storing unit 10 into the memory unit 20 according to the read booting code in operation S20. At this time, the control unit 30 accesses the booting code stored in the booting code storing unit 40 and the OS loaded into the memory unit 20 from the OS storing unit 10 based on a predetermined mapping table.
The control unit 30 then decrypts the loaded OS using the key stored in the key storing unit 50 in operation S30.
The control unit 30 calculates a check value based on the decrypted OS using the algorithm used to calculate the check value stored in the OS storing unit 10 in operation S40.
The control unit 30 compares the calculated check value and the loaded and decrypted check value to determine the integrity of the OS stored in the OS storing unit 10 in operation S50.
If the calculated check value and the loaded check value are the same, the OS is determined as not having been changed and the booting process progresses normally in operation S60.
If the calculated check value and the loaded check value are different, it is determined that the OS is changed and its integrity is damaged, and thus, the booting process is stopped in operation S70.
The secure booting method according to the prior art uses a predetermined algorithm to determine whether the OS has been changed. If the algorithm becomes known to the outside, there is a possibility that not only the OS but also the algorithm may be changed, so that the integrity of the OS is damaged. Moreover, the booting code storing unit 40 is set as read only to prevent the booting code from being changed from the outside; consequently, if the booting code is exposed to the outside after mass production of embedded systems using it, the exposed booting code cannot be updated in the field and a large recall cost is required to change it.
Furthermore, a key is used to encrypt an OS and a check value, resulting in additional cost for configuring a TRM for storing the key. Like the booting code, when such a key is exposed to the outside, a large recall cost is required to change the exposed key.
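The FIG. 2 flow (operations S10 to S70) and the key-exposure weakness just described, as an added Python model that is not part of this patent or of any product it describes. The patent specifies neither the cipher nor the check algorithm, so the example assumes SHA-256 for the check value and a hypothetical HMAC-SHA256 counter-mode XOR keystream as the cipher so that it runs on the standard library alone; the functions provision, secure_boot, flip_bit and forge_with_exposed_key, and all keys and images, are constructed for illustration.

```python
"""Model of the FIG. 2 prior-art boot check (added example, not from the patent).

provision() is what the factory writes into the OS storing unit (10);
secure_boot() is the control unit (30) running operations S20 to S70 with the
key from the key storing unit (50). SHA-256 is assumed as the check algorithm
and an HMAC-SHA256 counter keystream as the (hypothetical) cipher. Keys and
images below are constructed sample data.
"""
import hashlib
import hmac


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Hypothetical symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    Encrypt and decrypt are the same operation. Demonstration only; it is
    malleable and is not a recommendation for real firmware encryption."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def check_value(os_image: bytes) -> bytes:
    """The predetermined algorithm of operation S40: any single-bit change in
    the image yields a different value (SHA-256 assumed here)."""
    return hashlib.sha256(os_image).digest()


def provision(key: bytes, os_image: bytes) -> dict:
    """Factory step: the OS storing unit holds the OS and its check value,
    both encrypted under the key held in the key storing unit."""
    return {
        "os": keystream_xor(key, os_image),
        "cv": keystream_xor(key, check_value(os_image)),
    }


def secure_boot(storage: dict, key: bytes) -> tuple:
    """Operations S20 to S70. Returns (True, os_image) when the boot proceeds
    and (False, None) when the integrity check halts it."""
    os_plain = keystream_xor(key, storage["os"])    # S20/S30: load and decrypt
    cv_stored = keystream_xor(key, storage["cv"])
    cv_calc = check_value(os_plain)                 # S40: recompute
    # S50: constant-time compare so timing does not leak how many bytes matched
    if hmac.compare_digest(cv_calc, cv_stored):
        return True, os_plain                       # S60: boot continues
    return False, None                              # S70: boot halted


def flip_bit(data: bytes, bit: int) -> bytes:
    """Attacker without the key: flip one bit of a stored encrypted item."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def forge_with_exposed_key(key: bytes, attacker_os: bytes) -> dict:
    """Attacker who obtained the key (the exposure the TRM is meant to prevent):
    re-provisions storage with an OS of their choosing, and the check passes."""
    return provision(key, attacker_os)


if __name__ == "__main__":
    key = bytes(range(32))                             # constructed key
    genuine = b"constructed genuine OS image\n" * 40   # constructed image
    storage = provision(key, genuine)
    print("genuine image boots:", secure_boot(storage, key)[0])

    tampered = dict(storage, os=flip_bit(storage["os"], 777))
    print("one flipped bit boots:", secure_boot(tampered, key)[0])

    forged = forge_with_exposed_key(key, b"attacker OS\n" * 40)
    print("forged image with exposed key boots:", secure_boot(forged, key)[0])
```

The last case is the point of the TRM discussion above: the stored check value only binds the OS to whoever holds the key, so once the key leaks the whole chain (decrypt, modify, recompute the check value, re-encrypt) is open to the attacker and the device cannot distinguish a forged image from a genuine one.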
Korean Patent Publication No. 2003-0074016 discloses a system driven using a NAND flash memory and a method for driving the system, in which a booting speed is improved by performing a multi-step booting operation through a single NAND interface. However, the foregoing technique has a problem in that it is difficult to guarantee the integrity of an OS when the system driven using the NAND flash memory is booted.